Lucene search

[email protected]CVE-2022-20245

HistoryAug 11, 2022 - 3:15 p.m.

CVE-2022-20245

2022-08-1115:15:10

[email protected]

web.nvd.nist.gov

cve-2022-20245

windowmanager

recording

lock screen

local information disclosure

android

nvd

vulnerability

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-215005011

Affected configurations

NVD

Node

googleandroidMatch13.0.0

CPENameOperatorVersion
google:androidgoogle androideq13.0.0

CPE	Name	Operator	Version
google:android	google android	eq	13.0.0

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-13"
      }
    ]
  }
]

References

source.android.com/security/bulletin/android-13

Social References

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for CVE-2022-20245

nvd1 cvelist1 prion1 androidsecurity1